2 Replies Latest reply: Jan 16, 2013 6:12 PM by btlyric RSS

    Blocking Internet Java (January 2013 edition)


      [moved to new thread   but ref: the older thread https://community.mcafee.com/message/270727#270727   ]


      With the latest widely-exploited-and-baked-in-exploit-kits Java 0day [1] going around again (which is only half fixed [2] by the latest Java 7 patch)... and with Java 6 a few weeks away from being EOL'd while many many enterprise critical internal Java interfaces don't necessarily work with Java 7... curious how many folks are blocking Java now, and  how they're going about it.    


      What legitimate sites are you seeing that are going on your whitelists given that no save version of Java exists right now?


      In reviewing logs, I've found a lot of Java mime-types that don't appear to be on the pre-baked list in my MWG interface at mentioned by helpful posters in

      https://community.mcafee.com/message/270727#270727     I am also trying to divine a method where I don't keep Eclipse and friends from getting their updates.  Eclipse uses a non-Mozilla user-agent so I think that will be part of the logic I implement.  The other thing I have to be careful of is the legit use of web meetings where Java often comes into play especially for limited users and not able to isntall ActiveX controls that some meeting solutions leverage.


      [1] http://krebsonsecurity.com/tag/java-0day/  and http://blog.spiderlabs.com/2013/01/first-java-0day-for-the-year-2013.html

      [2] http://immunityproducts.blogspot.com/2013/01/confirmed-java-only-fixed-one-of-tw o.html


      Shared experiences welcome!    And no one be deluded into thinking AV signatures will save us from this one.  :-)